Abstract: Method of controlling a gateway regarding the communication flow being or to be processed through the gateway. The gateway is assigned to a first communication network that includes a media plane with at least one communication channel to which the gateway is linked, and a control plane, with at least one signaling channel to which a control device is linked. The control device is adapted to controlling the gateway. The method includes that inside a receiver device which is assigned to the first communication network a request for controlling the gateway is received. The request is received from an external third party device. By use of an influence device which, in particular, is assigned to the first communication network, the control device is influenced according to the request and the influenced control device controls the gateway regarding the communication flow being or to be processed through said gateway.

Abstract: A service log of a service provider is analyzed to identify IP addresses used by account holders that are populated IP addresses. Existing information about legitimate and malicious accounts of the service provider is leveraged to determine likely good and bad populated IP addresses based on the accounts that use the populated IP addresses. Features of the good and bad populated IP addresses are used to train a classifier that can identify good and bad populated IP addresses based on features of the populated IP addresses. The classifier may be used to provide security services to the same service provider or different service providers. The services include identifying malicious accounts.

Abstract: A node apparatus and method are described to prevent overflow of a pending interest table (PIT) in a name based network system. The node apparatus and method increases a number of PITs to correspond to a number of interface units so that the PITs match the interface units, respectively, and stores a request message flowing in per interface unit in the matching PITs. In addition, when a capacity used at each of the PITs exceeds a threshold, the node apparatus and method transmits a traffic control message for traffic control through respectively matching interface units to prevent overflow of the PITs.

Abstract: The disclosed invention is a system and method (collectively the “system”) for the automated management of content on a network interface. The network interface can be a web site on the World Wide Web, an Internet location, an intranet location, an extranet location, or some other form of network interface (collectively “web site”). The system can automatically create applications and links to those applications without human intervention. Examples of automated applications include newsroom applications, calendar of events, employment opportunities, project portfolio, biographies, frequently asked questions, document library, category management, product catalogs, e-mail broadcasts, surveys, and newsletters. Fully normalized hierarchies of business rules and user profiles can be supported by the system to facilitate automation and configurability. Multiple content providers can manage a single web site in a simultaneous or substantially simultaneous manner.

Abstract: The present disclosure provides a method and a system for managing the identification of devices (DID). A network device may provide the network device information to a server through a network. The server may generate a DID corresponding to the network device, and record the DID and the network device information into a device database. In addition, the network device and the server may share a shared key, which may be used to encrypt the DID and the network device information before the data transmission for enhancing security of the method. Moreover, the server may generate and record an exclusive key (Device Key) for data encryption before the data transmission with the network device, and transmit the Device Key to the network device. Therefore, the Device Key management may be accomplished simultaneously with the DID management to enhance data transmission security between the network device and the server.

Abstract: A mechanism is provided for managing pre-requisite software components of a software product distributed on a virtual machine. A list of pre-requisite software components for the software product provided in the software product virtual image distribution package of the software product virtual image is read. A test is performed as to whether each pre-requisite software component in the list of prerequisite software components is not installed in the virtual machine. If the prerequisite software component is not installed, the pre-requisite software component is retrieved. License text of the retrieved pre-requisite software component is read and displayed to a user. Upon approval of the license text by the user, the retrieved pre-requisite software component is installed. The process is repeated until all the pre-requisite software components are installed.

Abstract: Visual voicemail enables a user to view a list of voicemail messages and caller information, and select which messages to hear. Currently, a handset accesses visual voicemail using a web interface over a point-to-point network connection with an intermediary gateway. The gateway initiates requests to the voicemail platform on behalf of the handset using a single generic password. There is no direct authentication between the handset client and the voicemail platform. In an embodiment of the invention, the handset requests a password from the voicemail platform using the web interface. The voicemail platform sends a password to the handset via a Short Message Service text message, which is an inherently secure means of communication. The handset then uses the password to request voicemail data from the voicemail platform via the web interface.

Abstract: The disclosure discloses a method and a system for establishing a media channel based on relay. The method comprises: during a session negotiation process between a first User Equipment (UE) and a second UE, a media relay control server allocating a first service identifier and a second service identifier, transmitting the first service identifier to the first UE, transmitting the second service identifier to the second UE, and transmitting the first service identifier and the second service identifier to a media relay device; the media relay device receiving the service identifiers reported by the first UE and the second UE; the media relay device verifying, according to the first service identifier and the second identifier transmitted by the media relay control server, the service identifiers reported by the first UE and the second UE, and establishing a media channel between the first UE and the second UE if the verification is passed.

Abstract: A disclosed information processing system includes plural information processing apparatuses connected with a network. One of the plural information processing apparatuses includes: a first allocation unit to identify, for each subnetwork of plural subnetworks included in the network, one information processing apparatus from among information processing apparatuses included in the subnetwork, and assign to the identified one information processing apparatus, a first Reduce processing that is a processing to summarize results of a Map processing executed for data held in the information processing apparatuses included in the subnetwork; and a second allocation unit to allocate to any one of the plural information processing apparatuses, a second Reduce processing that is a processing to summarize results of the first Reduce processing executed for each subnetwork of the plural subnetworks.

Abstract: Techniques for securing authentication credentials on a client device during submission in browser-based cloud applications are disclosed. In one particular embodiment, the techniques may be realized as a method for securing authentication credentials on a client device comprising: detecting, on the client device, display of an authentication form in a browser window associated with a first flow to a target server; accessing, on the client device, one or more authentication credentials associated with a user of the client device; and submitting, to the target server, the one or more authentication credentials via a second flow to the target server.

Abstract: A method, an apparatus, and a computer program product for wireless communication are provided in connection with providing additional security for communication of sensitive information within a LTE based WWAN. In one example, a communications device is equipped to generate a keystream based on a mobility management entity-user equipment (MME-UE) key, a non-access stratum (NAS) message count value, and a contextual string associated with an informational element, and the contextual information, and cryptographically process the informational element using the generated keystream. In such an example, the communications device may be a UE, a MME, etc.

Abstract: Example methods and apparatus to register a device at a wireless local area network are disclosed. A disclosed example method involves receiving a registration request from the device, and sending a response to the device in response to the registration request, the response including one or more registration plans associated with registering the device for network access via the wireless local area network. The example method also involves receiving registration information from the device, the registration information associated with one of the one or more registration plans selected by the device.

Abstract: A system includes a first server and a second server. The second server receives a value from a first device, possibly via the first server, and stores the value. In response to a request from a second device, the second server then determines the value and sends the value to the second device. In this fashion, verification can be made that the first device is in communications with the first server.

Abstract: A web-based service portal provides a user interface to configure and/or access device(s) of a home network. The service portal can communicate with device(s) through application program interfaces (APIs). The service portal can provide a standardized user interface for specific feature(s) of a device. The service portal can further provide user authentication, device provisioning, and/or a user interface used to interact with device(s) in a home network. The service portal can established a trusted communication link between the portal and the device. The service portal can include a home control user interface component for providing a graphical representation of the home network and receiving user input and a device provisioning component that can discover and configure the device. The service portal can, optionally, include an authentication component that can authenticate a particular user's right to configure and/or access device(s) of a particular home network.

Abstract: Exemplary machine-to-machine (“M2M”) systems and methods are disclosed herein. An exemplary method includes an M2M platform system operating an M2M platform in accordance with a functionality set of the M2M platform, receiving data representative of an update to the functionality set of the M2M platform, and seamlessly transitioning, based on the data representative of the update and during runtime operation of the M2M platform, from the operating of the M2M platform in accordance with the functionality set of the M2M platform to operating the M2M platform in accordance with an updated functionality set of the M2M platform. Corresponding systems and methods are also disclosed.

Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by initiating an SSL handshake with a client certificate request for a client SSL certificate embedded in the configuration profile. Validation against the embedded client SSL certificate implicitly confirms the presence of the configuration profile and validates the content of the configuration profile.

Abstract: A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device once authenticated provides access to a portable desktop application that provides a beat signal to the portable desktop device. In an absence of the beat signal, the portable desktop device prevents access to the portable desktop application and/or data associated therewith.

Abstract: An event notifying method includes determining whether a current home network, which is currently connected to a remote user interface server (RUIS) in a home network, is a user's home network selected by a user so as to be allowed to be notified of the event, selectively providing an event page to a remote user interface client (RUIC) selected by a user in the user's home network, and performing user authentication prior to providing the event page, thereby ensuring security of the user's private information.

Abstract: Various systems, computer-readable media, and computer-implemented methods of providing improved data privacy, anonymity and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent that is desired—are disclosed herein. Embodiments include systems that create, access, use, store and/or erase data with increased privacy, anonymity and security, thereby facilitating the availability of more qualified and accurate information. When data is authorized by subjects to be shared with third parties, embodiments may facilitate sharing information in a dynamically controlled manner that enables delivery of temporally-, geographically-, and/or purpose-limited information to the receiving party. In one example, anonymity measurement scores may be calculated for the shared data elements so that a level of consent/involvement required by the Data Subject before sharing the relevant data elements to third parties may be specified.

Abstract: A computer-implemented method for managing private information in instant messaging is provided in accordance with an aspect of the present disclosure. In the method, first private information including details of a first instant messaging user is stored. Further, access authority of the first private information is maintained. When a second instant messaging user initiating a private information request has the access authority, provide the first private information to the second instant messaging user.

Abstract: One or more techniques and/or systems are disclosed for sharing a connection to a remote-based application running on a server. A plurality of client-side browser instantiations can be associated with the remote-based application, such as by running instantiations of the remote application locally on respective client machines. The client-side browser instantiations are able to write to and read from a local global storage regarding the remote-based application, and are notified of a state change to the local global storage, without polling. A first browser instantiation registers as a primary instantiation with the local global storage, and connects to the server for the remote-based application. One or more second browser instantiations registered with the local global storage, along with the primary browser instantiation, can send and receive updates for the remote-based application through the primary browser instantiation, utilizing state change notifications.

Abstract: A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.

Abstract: A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device.

Abstract: The present invention discloses a method, an apparatus, and a system for centralized 802.1X authentication in a wireless local area network, and the method includes: receiving, by the access point, an EAP authentication start message from the UE, where a destination address of the EAP authentication start message is a MAC address corresponding to an air interface of the access point, and its source address is a MAC address of the UE; modifying the destination address of the EAP authentication start message to be a multicast address of a port access entity or a MAC address of the authentication entity; and forwarding the EAP authentication start message whose destination address is modified.

Abstract: A system and method are provided for interfacing between a mobile device and a PC. The mobile device utilizes a connection with the PC for taking advantage of the larger display and input devices such as the keyboard on the PC to improve the user interface (UI). This also enables the user to take advantage of the mobile device's wireless connectivity at the same time, e.g. where the PC does not have the same connectivity.

Abstract: Various embodiments enable devices to share network authentication credentials or other information. For example, a computing device authorized to access a wireless network can be used to manage access to the wireless network, such as by modifying, sharing, or creating a password to access the wireless network. A peer-to-peer connection can be established between the authorized computing device and at least one other computing device (e.g., a guest computing device). Upon establishing the peer-to-peer connection between the devices, a service, application, or system component operating on each device can be used to share network authentication credentials between the devices. For example, the user of the authorized device can cause to be transmitted network authentication credentials to a guest computing device.

Abstract: A system includes a server, which provides activities and possibly other services to a player through a mobile gaming device. To verify that the mobile gaming device is communicating with the server, information received from a verification device is stored. Thereafter, in response to a request from the mobile gaming device, the stored information is determined and sent to the mobile gaming device via the server.

Abstract: Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers.

Abstract: A tenant multiplexer in an administrative tenant of a multi-tenant software architecture can call an administrative agent in the administrative tenant and receive, from the administrative agent, an action framework and a trusted connection protocol for accessing each of the plurality of client tenants. The trusted connection protocol can establish, without tenant-specific authentication information, a trusted system connection to an update agent in each of the plurality of client tenants. An action framework can be simultaneously implemented using the update agent of each of at least a subset of the plurality of client tenants under control of the multiplexer via the trusted system connection to begin execution of the software process for the at least the subset of client tenants.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium operating in a mobile device server. The non-transitory computer-readable storage medium can include computer instructions to execute a web server application in the mobile device server. The web server application can be operable cause the mobile device server to detect a media resource center while roaming in a communication zone of the media resource center, transmit a pairing key to the media resource center, and receive from the media resource center authorization to pair with one or more resources selected by the media resource center according to the pairing key. In one embodiment a billing system can be operable to determine whether to apply a monetary charge to a subscriber account based on the pairing key. Other embodiments are disclosed.

Abstract: A system and method of decrypting is provided. The method includes grouping domain data of the domain for authorized parties, encrypting a group of leaves in the grouped data having a tree structure using a common key, generating first public data, obtaining a common key by decrypting the first public data using a secret key of a link creator and decrypt the groups using the common key and the secret key, generating a, propagating records, generating second public data by encrypting the table using a common key, obtaining a common key by decrypting the first public data and the second public data using a secret key and generating a view by decrypting data received from a method for the link creator using the common key obtained by decrypting the first public data and the second public data using the secret key.

Abstract: A behavioral security analysis system comprises a computational semantic parser configured to process data associated with a security information and event management (SIEM) system to generate a plurality of logical descriptors, and a learning engine coupled to the computational semantic parser and configured to generate a plurality of behavioral security descriptors based at least in part on at least a subset of the logical descriptors. The behavioral security descriptors are made accessible to an alerting engine of the SIEM system and utilized to generate one or more security alerts.

Abstract: A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for identifying malware attacks collects data traffic information. A system receives data traffic information indicative of communications between computers within a network and computers external to the network. The system parses the data traffic information to identify communication links between the computers within the network and computers external to the network. The system can generate communication link profiles for each of the computers within the network. The system can then group computers within the network into computer clusters based on similarities between the communication link profiles for each computer. The system can identify computer clusters having anomalous communication patterns as being indicative of a malware attack.

Abstract: Described herein are methods, network devices and machine-readable storage media for conducting simulated phishing attacks on an individual so as to educate the individual about the various ways in which phishing attacks may be disguised. Specifically described is a simulated phishing attack involving a sequence of messages. At least one of the messages has an associated target action that would ordinary, if the attack were an actual phishing attack, result in the individual's personal information and/or computing device becoming compromised. In the simulated phishing attack, no malicious action is actually performed. At least one of the other messages is designed to draw attention to the message with the target action.

Abstract: A method and system for identifying a machine used for an online session with an online provider includes executing a lightweight fingerprint code from a provider interface during an online session to collect and transmit machine and session information; generating and storing a machine signature or identity including a machine effective speed calibration (MESC) which may be used to identify the machine when the machine is used in a subsequent online session by a method of matching the machine signature and MESC to a database of machine identities, analyzing a history of the machine's online sessions to identify one or more response indicators, such as fraud indicators, and executing one or more responses to the response indicators, such as disabling a password or denying an online transaction, where the response and response indicator may be provider-designated.

Abstract: According to one embodiment, an apparatus may store a plurality of tokens. The plurality of tokens may include a plurality of risk tokens. Each risk token may represent a risk rating. The risk rating may be a numerical value indicating a risk associated with granting a particular user access to a particular resource. The apparatus may identify a set of related risk tokens in the plurality of risk tokens, and generate a composite risk token that represents an arithmetic combination of the risk ratings represented by the set of related risk tokens. The apparatus may then use the composite risk token to facilitate the making of an access decision.

Abstract: A system for reviewing the ownership of data resources includes a database that stores a plurality of data resource identifiers. Each of the plurality of data resource identifiers has an associated owner field. The system also includes a second database that stores data resource review definitions. The review definitions define a review processes for the plurality of data resources. The system further includes a processor that is in communication with the data resource database and the review definition database. The processor executes the data resource ownership review processes defined by the review definitions at the appropriate times.

Abstract: Identifying valid wireless access points based on clock skews. A computing device receives plurality of frames, each including a corresponding timestamp, from a wireless access point. The computing device calculates transmit and receive offsets based on transmit and receive times of the plurality of frames, and also calculates differences between the transmit and receive offsets. The computing device also calculates a clock skew of a clock at the wireless access point based on a slope of the differences. The client computing device determines whether the wireless access point is an authorized wireless access point or an unauthorized wireless access point based on comparing the calculated clock skew with one or more known baseline clock skews of one or more authorized wireless access points.

Abstract: A communication unit and a controller are included, the communication unit being configured to communicate with a communication apparatus using a first communication procedure in which authentication of the communication apparatus is performed in order to retain a communication session with the communication apparatus and using a second communication procedure that does not require authentication of the communication apparatus in order to communicate with the communication apparatus, the controller being configured to perform, using the first communication procedure and the second communication procedure, control under which it is determined whether a communication session with the communication apparatus is to be retained and perform control under which a limit is put on retaining of the communication session with the communication apparatus through the second communication procedure in a case where the communication apparatus is not authenticated as a certain communication apparatus through the first commun

Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. The ESS may also generate a trust score for the user based on activity information related to the user's actions with respect to the ESS and/or other factors. The trust score may be used to recommend authentication mechanisms to use with respect to electronic signature transactions.

Abstract: The current disclosure relates to techniques for system and methods for software-based management of remote software authentication of at least one entity machine, addressing various vulnerabilities of software authentication based upon the genuinity based scheme. The disclosure is using challenge execution on at least one suspect machine, providing a technique for CPU event monitoring of a combined count of at least two events monitored on the entity machine during execution of the authentication challenge. The authentication challenge allows further detection functionality of virtual machine or a hypervisor installed. The techniques measures execution time of authentication challenge, comparing the received challenge result with the expected challenge result and accordingly rejects or allows the entity machine through the authentication process.

Abstract: This data providing method is carried out by a computer (460) built in a data processing system (1) which is designed to collect log information from electronic devices through a network (30) and provide services based on that log information for authenticated users. The method includes: receiving a fridge's (100a, 100b) log information through the network; generating display data, representing a trend of change of a recovery time that indicates how long it takes for the fridge's inside temperature to recover a preset operating temperature since the fridge's door was closed, by reference to pieces of information which are included in the fridge's log information and which indicate (i) the preset operating temperature inside the fridge, (ii) the temperature of the ambient surrounding the fridge, (iii) a temperature inside the fridge, and (iv) opening and closing history of the fridge; and providing the display data for an authenticated user's display terminal (130a, 130b).

Abstract: A computer apparatus is remotely initiated. Confirmation of a detected and authenticated presence of a user is detected and confirmed remote from the computer apparatus. A dedicated resource that will be implemented using the computer apparatus is logged in in a protected workstate that prevents access to the computer apparatus until a local presence of the user is detected and authenticated. The workstate of the computer apparatus is unprotected upon confirmation of the local presence of the user. Access to the user is allowed upon unprotecting the workstate of the computer apparatus.

Abstract: A system and a method are provided for authenticating the nodes of a communication network in order to access the services of a service provider, and includes a collective authentication of the nodes, performed in a single exchange between the nodes of the network declared in a group and an authentication server. Depending on the result of the authentication, the service provider is provided with cryptographic material in order to implement individualized controlled access to the resources or to the services offered for each node.

Abstract: A method includes intercepting, in a carrier network, data communicated from a sending entity and destined for a mobile device, comparing the data that has been intercepted with a data pattern to determine whether the data that has been intercepted matches the data pattern, and blocking the data that has been intercepted from reaching the mobile device when the data that has been intercepted matches the data pattern.

Abstract: An example system to retrieve medical exams stored at a plurality of nodes includes a request receiver to receive a request for a plurality of medical exams via a first node of the plurality of nodes. Each node of the plurality of nodes is associated with a respective facility providing the medical exams. A load balancer is to determine a load generated on the first node based on the request and weigh the load on the first node relative to a load on at least a second node of the plurality of nodes. A path selector is to select a node of the plurality of nodes to process the request based on the weighted loads. Upon selection of the node, a query tool is to query the selected node and the plurality of nodes for the medical exams and deliver the medical exams to a user via the first node.

Abstract: Techniques for grouping virtual machine (VM) objects for networking and security services in a virtualized computing system are described. In one example embodiment. VM attributes and identity attributes are obtained from a virtual center and an identity server, respectively. One or more desired security groups are then formed based on security requirements of the virtualized computing system. A user defined dynamic expression is then associated with the one or more security groups. One or more expression attributes are then determined by evaluating the user defined dynamic expression using the obtained VM attributes and identity attributes. VM objects are then grouped based on the determined one or more expression attributes. The grouped VM objects are then associated with the created one or more security groups for providing the networking and security services.

Abstract: A method for managing security levels on a mobile device includes receiving a capsule including first data; assigning a first data tag to the capsule, the first data tag identifying a security level for the first data; storing the capsule on the mobile device; executing a process on the mobile device, the process associated with an application tag; allowing the process to access the first data when the application tag matches the first data tag, the process for generating second data in response to the first data.

Abstract: An optical disc drive (ODD) includes a radio-frequency identification (RFID) reader. The reader includes a circuit and a coil antenna which has a rotational symmetry with respect to a rotation axis of a motor, shaft and turntable of the ODD. The coil antenna can be secured to a wall of a housing of the ODD or around the motor and/or shaft. The reader can read an RFID tag on an optical disc. The RFID tag includes a circuit and a coil antenna which has a rotational symmetry with respect to the disc. As a result, the RFID tag can be read while the disc is rotating. A magnetic insulating material such as a ferrite polymer composite film is used to magnetically insulate the coil antenna. An authentication code can be read from the RFID tag to control access to content of the optical disc.